krypticmind writes: Researcher Nasko Oskov from netsekure.org has spent 30 days trusting only 10 CA root certificates in his browser and details the findings in his blog. "It was an interesting one month and I’ve learned a bunch. The main takeaway from this experiment is that I don’t need 3 digit number of trusted CAs in my browser." This comes after previous concerns on breaking the chain of trust for certificates here (http://yro.slashdot.org/story/10/03/26/1334254/Government-Could-Forge-SSL-Certificates).

This discussion was created for logged-in users only, but now has been archived.
No new comments can be posted.

As Christopher Soghoian and Sid Stamm point out in their recent paper [cloudprivacy.net] regarding man-in-the-middle attacks on SSL, apps like IE that rely on Windows' Trusted Store will reach out to a Microsoft server to decide whether a CA is trusted. So the short list of CAs you might see in IE's UI isn't anywhere near the whole story:

Thus, any web browser that depends upon Microsoft's Trusted Root Store (such as Internet Explorer, Chrome and Safari for Windows) ultimately trusts 264 different CAs to issue certicates with